Requests for MariaDB

There has been a recent spate of blogposts and tweets regarding MaxScale binary downloads requiring acceptance of an Evaluation License that some in the community perceived to be onerous. MariaDB took quick action to make these binaries available without accepting the license, and were quickly – and rightly – praised for listening to the community. [UPDATE 2016-04-14: It turns out the measures MariaDB took were incomplete, and that accessing downloads of MaxScale still requires accepting the Evaluation License terms – see comments for details] The MaxScale binaries are part of a larger concern for me, and I commented as much on the blog highlighting MariaDB’s action. That comment hasn’t been approved by the author (though later comments have been), so I thought it might not be the right venue to raise such questions – hence this blog post. I hope MariaDB proves as responsive to these concerns/questions as they were to the MaxScale binary issues!

What About MariaDB Enterprise Binaries?

It’s great that MariaDB eliminated the need to accept the Evaluation License to download GPL-licensed MaxScale binaries. Can the same be done for MariaDB Enterprise Server? Like MaxScale, it is also GPL-licensed, and the Evaluation License seems to suggest that GPLv2-guaranteed freedoms are unaffected by the Evaluation License. Regardless, the intent seems clear enough: By suggesting that usage of product for non-evaluation purposes may represent legal risk, unsuspecting or unsure users may feel compelled to pay for free software. At best, that’s a disingenuous attempt to trick people into believing they need to pay for MariaDB Enterprise Server binaries. I think the community deserves better.

If MariaDB software is open source – all of it, Community and Enterprise editions – stop pretending people need to pay MariaDB to use the best of it. Stop slapping Evaluation Licenses on top of GPL-licensed software, and just let people download and use it. Require acceptance of Evaluation License for the components not governed by GPL, such as services or the closed-source monitoring product.

For all the criticism of Oracle’s open-core approach to the MySQL business, it’s at least perfectly clear what aspects require users to pay Oracle, and which are free. MariaDB should strive for similar clarity in their own offerings.

Stop Marketing Product Differentiation

The MariaDB FAQ goes to great lengths to differentiate the Community and Enterprise binaries of MariaDB Server, using words such as “proven”, “battle-tested”, “stable”, “supported” and “certified” to describe Enterprise builds, while Community builds get labels including “experimental” and “cutting-edge”. Most people want stable, supported, proven database binaries – I think specifically the Linux distributions bundling MariaDB would find the characterization of MariaDB Community unsettling.

There’s surely a market for developers eager to try advanced new features, but the concept espoused by MariaDB marketing that this must come at the cost of enterprise-ready stability is forced. Please make MariaDB Community binaries every bit as stable and proven as the Enterprise binaries, and find a different mechanism for distributing less mature features. Again, this will bring parity with Oracle, who applies the same QA and release process and schedule to both Community and Enterprise, and doesn’t imply differentiation based on stability, quality or supportability.

Clarify Open Development

“Unlike some other related projects, in MariaDB all development is public and every commit done by any developer is visible in real-time to the world to build upon.”

There’s certainly a lot to like about the process generally, but there are very notable exceptions. The most recent example is the announcement of the impending beta of ColumnStore. I can find no discussion on the MariaDB developer list on the topic, nor can I find a single JIRA referencing this work. From all appearances, the ColumnStore work seems to be brought to beta stage entirely internally and silently, without any public coordination or discussion. As best I can tell, there are no publicly accessible design documents or requirements, and there’s no public code branch. I have to assume that some tasks exist for this work; if I’m not just missing them in the public JIRA, perhaps they are housed in one of the non-public JIRA instances used by MariaDB?

Can MariaDB please explain how this demonstrates open development practices? It’s hard to distinguish from the practices of Oracle, who likewise just announced major beta functionality that was not previously publicly disclosed.

Free the MariaDB Foundation

I see the above as all very good reasons to question the independence of the MariaDB Foundation. Why else would MariaDB Foundation decide to not produce “stable”, “enterprise-grade” binaries for the MariaDB community? Way back in 2008, Sun tried very similar tactics: GPL-licensed Enterprise binaries and source available to customers only, with various attempts to differentiate the packages (more frequent maintenance releases, in Sun’s case). Jeremy Cole held Sun accountable by providing download mirrors of the GPL-licensed Enterprise source and binaries, knowing that the community wanted what Sun was arbitrarily (and needlessly, considering the GPL license) restricting. It took Vadim doing the same for MaxScale for MariaDB to take note.

The MariaDB Foundation is meant to ensure the community needs are never undermined by corporate interests, yet it does not do what Jeremy Cole did 8 years ago and make such binaries freely available? Kaj Arno noted at the time Sun hid GPL binaries behind a paywall that “nothing” prevented Enterprise binaries from being redistributed by interested community members, highlighting that business drivers motivated this change:

“Still, we feel that most business users will see the value of a MySQL Enterprise subscription that offers regularly-reliable software updates directly from the ’source’, along with premium 24×7 technical support and proactive monitoring/advisory tools.”

Why should the MariaDB Foundation put the business concerns of MariaDB Corporation ahead of the MariaDB community?

Likewise, where is the MariaDB Foundation when plans for ColumnStore were being hatched outside public view, by MariaDB captains employed by MariaDB Corporation? Why didn’t these MariaDB Foundation members say, “we should really be having this discussion on our public mailing lists?”

Conclusion

MariaDB has some great people working for it, and could be truly amazing if it clarified its business model, provided enterprise-grade binaries freely available to the community, consistently applied open development principles and promoted independence of the MariaDB Foundation. Repeating the failed experiments of the Sun years on binary differentiation and hiding is moving backwards, not forwards.

Downloading still requires registration, but no longer requires accepting the evaluation license. I have the same understanding about ColumnStore – my point is just that announcing a beta might suggest a little work has already been done, and I’d expect that to be accessible in a development process as open and public as is claimed.

You are correct – it seems it was premature to thank MariaDB for eliminating the Evaluation License requirement. Your screenshot shows it is still required to register as a user. Beyond that, there is a notice on the Enterprise download page alerting users that they are bound by the Evaluation License. This also existed on the MaxScale download page yesterday, but has been removed. As you note, though, it’s all moot if accepting the Evaluation License terms is required to first create an account. The problem very much remains – thanks for correcting me.

Todd, Vadim – I don’t see that when I log in to download MaxScale. Please log out from MariaDB.com and follow this link: https://mariadb.com/user/login?destination=my_portal/download/maxscale
I don’t need to agree with anything. I logged in with my LinkedIn account, and everything worked.
Todd is totally right on MariaDB Enterprise (even if I don’t care much about enterprise editions) but Vadim’s argument about license agreement seems to me simply false… am I missing something?

The requirement to agree to the Evaluation License that Vadim is referencing happens during new user registration. From the URL you provided, click on the “Create a Free Account” link at the bottom. This takes you to a registration page which requires you to accept the terms of the Evaluation License to register. It’s also the screenshot Vadim provides, and is very much still active. The notification about the Evaluation License during the actual download process, once you’re actually logged in (with an account that’s accepted the Evaluation License terms during creation) – that’s been removed for MaxScale downloads (but not for MariaDB Enterprise downloads). Unfortunately, it seems we were wrong – hopefully just premature – in congratulating MariaDB for no longer requiring acceptance of the Evaluation License terms. It’s still very much in force, but at a different stage than you or I had focused upon.

I’ve just checked – yes, there were non-approved comments (by you and Vadim Tkachenko). Now I’ve approved them all. Sorry for that, it was not intentional. The only reason why my comments are not automatically approved is spam.

Thanks Federico! I know you approved a comment from me on your earlier post. When later comments were being approved and mine still showed as awaiting moderation, I decided my thoughts were better articulated in a separate blog post, anyways.

Your first quote is from the MariaDB Foundation blog. And indeed, all MariaDB Server development is done in public, and is visible in real time.

Your second link — the ColumnStore announcement — is on the MariaDB Corporation site. The announcement says that ColumnStore is “a fork based on InfiniDB”. I am sure you remember InfiniDB; it’s not a new player in our ecosystem. ColumnStore is a separate product, not part of MariaDB Server (at least, yet).

Unfortunate as it may be, not everything that MariaDB Foundation promises about the MariaDB Server applies to what commercial entities (including MariaDB Corporation) are doing with their various offerings.

Thanks for the response! I think this highlights the need for a truly independent MariaDB Foundation which can focus on the needs of the MariaDB community separate from the business motivations of MariaDB Corporation. That MariaDB Foundation is dominated by MariaDB Corporation (in its board, in its committers, in its thought leadership) seems to give it great difficulty putting community needs first – and that’s the entire justification of having a Foundation in the first place. If Monty can talk about how open and public Server development is as a Foundation board member, then turn around and lead non-public efforts to develop and integrate ColumnStore into MariaDB Server as MariaDB Corporation CTO, that’s a problem.

It’s troubling to me that the Foundation can make claims about the benefits of MariaDB (the product/project), and MariaDB Corporation staff can adhere to those standards as much or little as they see fit. This would be far less problematic if there was a clear delineation between Foundation and Corporation, but that does not exist today.

MariaDB Corporation staff adhere to what MariaDB Foundation says, of course. But only as long as it concerns *MariaDB Server*. MariaDB Foundation is only about the MariaDB Server project, not about connectors, not about MaxScale, not about ColumnStore. This is stated on mariadb.org.

ColumnStore is not MariaDB Server. It’s not InfiniDB either, but it is based on both code bases. So, strictly speaking, Foundation statements about the Server do not apply to the ColumnStore. Not yet, at least.

As an engineer I would love to see InfiniDB be a “normal” pluggable storage engine for MariaDB Server. But InfiniDB developers have always hacked deep into the server and it’ll take time to replace that with proper interfaces that will allow the InfiniDB engine to use all its capabilities.

By the way, I do agree that the border between the MariaDB Foundation and the MariaDB Corporation is not always clear. And I am trying to get it clarified whenever I can (not only by answering blogs 🙂)

Thanks again for the response. The state of ColumnStore is a bit of a mystery, since there’s no available code or technical details. I presumed the deep hooks you describe were being added to MariaDB Server; it sounds instead like this will be a MariaDB Corporation-only product (at least to start with).

I’ve searched in vain to find references on the MariaDB.org website that clarify the Foundation exclusively deals with MariaDB server, and not other critical ecosystem components such as connectors. In fact, the About page talks about a mission that spans the MariaDB ecosystem: “The MariaDB Foundation ensures continuity and open collaboration in the MariaDB ecosystem.” Can you share a URL which might clarify the Foundation’s limited focus?

First, it says that “MDBF is a non-profit corporation whose mission is to: [a] steer and guide the continued non-profit development and promotion of new, GPLv2 releases of the MDB Server in an open and transparent fashion that meets the needs of the open source community; [b] grow a vibrant community and ecosystem for the MDB Server; [c] maintain free, open and perpetual access to the repository for the MDB Server”

Second, it says that the MariaDB Foundation has an exclusive license to the MariaDB Server trademark. Which means, I think, that MariaDB Foundation (and only MariaDB Foundation) has the right to decide what is called “MariaDB Server”, nobody can fork the tree and continue calling it MariaDB Server, unless the Foundation has agreed to that. But, again, I am not a lawyer.

Anyway, MariaDB Foundation has no such power over connectors, MaxScale, or ColumnStore.

Naturally, MariaDB Foundation builds and offers the most “stable” and “enterprise-grade” binaries to the best of its knowledge. But we cannot prohibit anyone (be it Debian, Fedora, or MariaDB Corporation) to do additional testing or to build binaries differently. And they do.

As for the marketing… I am sure our users realize that when some commercial entity claims to have “most stable” and “enterprise-grade” binaries, that does not automatically mean that other MariaDB Server builds suddenly became unstable on the day of the press release.

I have no objections to MariaDB Corporation marketing Enterprise binaries as the “most stable” or “enterprise-grade”, but I believe your assertion that the statements I cite don’t draw a sharp contrast against community binaries is wrong. Remember, this is the explicit answer to the MariaDB FAQ, “How do the MariaDB Enterprise certified binaries differ from the MariaDB community binaries?” If you’re suggesting I’m just reading it wrong, I guess we fundamentally disagree.

It is a little weird to hear “some commercial entity” from someone who is employed by that entity. Your title is “Chief Architect at MariaDB Corporation”. So I read it as you should be behind the claim “most stable and enterprise-grade binaries”. As Chief Architect at MariaDB Corporation, do you support these claims or don’t you?

My title is “Chief Architect MariaDB”. I do not deal much with connectors, MaxScale, ColumnStore, or MariaDB Enterprise, unless that affects server architecture.

And neither testing, nor compilation options, nor configuration files of MariaDB Enterprise affect it, so I did not look much into that.

Besides, while I do work at MariaDB Corporation, I am also on the board of the MariaDB Foundation, as you know.

But anyway, I was expressing my own views, not those of MariaDB Foundation or Corporation. And as far as I understand, while MariaDB Corporation is a sponsor of the Foundation, it is, still, just “some commercial entity” from the Foundation’s point of view. With different goals and different management.

As for these claims — I am an engineer. I would only claim “most stable binary” if I had tested all other binaries for stability. And I did not.

I hope that somebody will conclusively speak for MariaDB Corporation or Foundation and clarify matters authoritatively. When you talk about “different goals and different management”, it may be readily apparent to you or other insiders wearing both foundation and corporate hats which is on your head at any given moment. I hope you are hearing the community say they can’t tell the difference, and that’s a big problem.

I meant to say that I don’t know what “enterprise-grade” means and whether it means anything at all or is just an empty buzzword (I suspect the latter).

As for the goals… I presume that any for-profit business needs to make profit, if it was taking financing rounds, it needs to make enough profit to please investors. And the Foundation goals are “steer and guide the continued non-profit development and promotion of new, GPLv2 releases of the MDB Server…” and so on, as in the earlier comment.

So much brand confusion. Announcement claims “MariaDB does something”. When that something isn’t done in a community way, then we are told that was done by MariaDB.com, and there is separate MariaDB.org thing. I wish there were a stronger wall between the .org and .com sides. This has kept me away for years.

Thanks for that write-up, Todd. Happy to see that there are still people that not only care, but also bother to speak out.
Indeed, there appears to be a lot of repeating of history going on. Pity, as it’s such a waste of time.

Sergei is of course quite right in disregarding marketing. However, for businesses that don’t have the technical background or licensing insight, it amounts to FUD and sadly that appears to be the intent. There too history repeats.

Everyone is free to propose a business model that brings more money into the Foundation! I speak only for myself, but when a different QA team works on checking that xtrabackup and MaxScale work well together with the server and on various architectures (Azure, Power), we should be allowed to claim it’s more tested and to bundle this work in a separate licence. If someone is not willing, he can use every open source piece separately, compile when needed, and pray that it was tested by someone else before. Also, the future of MaxScale is probably to become open core, to allow commercial partners’ plugins and to bring some sort of marketplace. Arjen, for example, you can start doing a MaxScale plugin that translates O CONNECT BY PRIOR to Ma OQGRAPH queries. And OQGRAPH is still developed in the open world, but you get money from a company that does not want to spend time to learn or to change its application, via this new enterprise licence.

The Co does not, and never will, ask the Foundation devs to go in their direction inside the server, and that’s why MaxScale is a good vector for such change.

I appreciate the response. I should be clear – I’m not talking at all about funding models for the Foundation; my concern is the parallels between the business model MariaDB Corporation appears to be adopting and similar failed/unpopular attempts from the Sun days.

Testing third-party integration is really “certification”, and I’m OK with the idea that MariaDB Corporation tests an extended suite of products to certify their builds work with those. Oracle does the same thing. I think it’s important that the community know the extent to which the Foundation will certify MariaDB Server builds against other products – I can see it being a major problem if only the Corporation decided to do QA with Galera, or various connectors, or replication. When MariaDB Corporation says, “we test more!”, the community should certainly have visibility into what tests are lacking in MariaDB Community, and help guide what testing should be considered “core” rather than “value-add”.

Ultimately, though, your comments about “use … open source … and pray that it was tested by someone else before” seem to be an example of the marketing which undermines the Community product which I’d like to see stop. I get that it’s tough – MariaDB sells not only against other RDBMS vendors, including upstream MySQL, but it also has to sell against itself, giving somebody reasons to pay MariaDB instead of using the GPLv2 product for free. I think marketing the Community product against the Enterprise product on the basis of quality is a poor decision – either it’s true, and the Community builds really are less appropriate for enterprise deployment due to insufficient testing, or it’s false, and an empty marketing claim to confuse people into paying for fake value. Neither of these options is good for MariaDB.

It’s interesting that you suggest MaxScale may become a platform for an open core business model. It’s strange to hear you suggest that the Company doesn’t significantly drive the direction of the Server – the Foundation board is 50% MariaDB Corporation employees, and as best I can tell, the percentage of committers to MariaDB Server employed by MariaDB Corporation seems far closer to 100% than 50%. If MariaDB Corporation staff are not adequately positioned to influence the direction of MariaDB Server, who is? If the problem is more about deciding which features to release to the Community (via Server), and which to reserve for paying customers (via MaxScale), that’s a whole different problem. And business model.

You raised a very valid point about the quality of the server: it is no better inside Enterprise; it’s about more coverage and more integration. That’s because from our God Monty, we have been asked to move every improvement inside the server to the community release first.

So negative marketing +1

“The Foundation board is 50% MariaDB Corporation employees”
OK, but the Foundation is not about the Board; it’s just about developers that work freely inside it. It holds a few of the best devs I have ever seen in the core team, and no one can tell them what to do for the best of the server (maybe some influencers can come from Co or Board members, but hardly for bad reasons).

No doubt the Foundation should get more of such quality devs, and many contributors would probably prefer to join it, to get rid of investors and corporate management and roadmap pressure. They absolutely do not need to come from MariaDB Co, but the reality is that the donation level can’t afford such a move, and that such quality devs needed by the Foundation also interest companies like MariaDB, Facebook, Google … for their own commercial plans.

First, thanks for your reply – I certainly appreciate MariaDB staff taking the time to engage on topics such as this.

I think we have different perceptions of what’s happening. You talk about how features are targeted first for Server, so that Community benefits. I look at something like database firewall functionality and question that. In an environment where security is a key driver in any tech purchase, look at what happened: Database Firewall ended up as a filter for the MariaDB Corporation’s MaxScale product, not as a component of MariaDB Server. That means MariaDB Corporation – not MariaDB Foundation – controls that feature, and can monetize it.

The decision to make this part of MaxScale rather than MariaDB Server surely wasn’t made on the basis of some technical inability to do this inside MariaDB Server – Oracle has a MySQL Server plugin for database firewall, so we know it can be done. So Oracle saw a feature people would pay for, implemented it as a server-side feature, but reserved it. MariaDB Corporation saw the same need, produced it as a product outside the server, and reserved it. In short, I don’t see everything being funneled into MariaDB Server the way you describe.

There are some truly awesome developers contributing to the MariaDB project. That includes MariaDB, Facebook and Google, as you noted, but also Percona and Oracle (I’m guessing the single largest corporate “contributor” to MariaDB). I have tremendous respect for the immense talent of individuals at each of those companies, and I’m thankful for their contributions.

That said, committers are another class of developers. They are the ones who decide what goes in, and what stays out. They set and enforce the vision for the Server, and these individuals seem to be almost exclusively MariaDB Corporation employees.

Regardless, you’ve given me a good deal to think about. The comment threads are a bit jumbled now – I’ll try to present my thoughts in a more cohesive forum later.

Licence is GPLv2, and inside MariaDB Co it has never yet been a question to produce something else. The Open Core question is only an expression of my thinking and not my managers’. For me, serving clients, I’m absolutely convinced by the open core model because I can report cases where open source adoption is limited by lack of possibility of interaction with commercial products. A good example is the healthy market of HSM: security is small demand, big value and effort; it’s not really a market compatible with open source, which best targets massive deployments. But to interact with such companies we need a licence that can address this interaction. MariaDB Co exists to produce open source code with full-time job positions, and this needs healthy revenues. When using something marketed under Enterprise on our portal, it’s because you are willing to do business with us, just like when picking Red Hat instead of Fedora or CentOS: hey, users behind those pages, you agree that what’s behind has a value we may ask you to be charged for. Despite that, for the products we provide the user can still say he does not see a value in it, but that’s a sales process to be argued, not a legal concern.

I don’t immediately see a PCI requirement that the firewall be outside the database – unless the database is currently previously accessible directly from the internet, in which case making MaxScale the internet-accessible endpoint might be a compliance benefit. But that’s a bad scenario to start with, and it’s hard for me to imagine that’s the use case driving this specific architectural decision. I’m a big fan of proxies (including MaxScale) as a tool to inject new behavior where endpoints can’t be modified. I’m less of a fan in compliance architectures, where such proxies can be completely bypassed.

I’ll have to review the PCI guidelines to see if I can identify specific reasons a proxy service would be preferred to an integrated solution. If you have specific pointers, great.

While I would agree that a network admin is responsible for network traffic (which remote machines can talk to which services on other machines), I don’t agree that a network admin is the right person to do the kind of deep contextual packet inspection to build rules about which SQL statements are allowed and which are disallowed. My bigger concern with proxy-based security is the lack of tight coupling to the service; it’s typically remarkably easy to get around a proxy and go directly to network-exposed MariaDB Server services.